Vista virus trojan-clicker.win32.small.kj

Solved/Closed
Angry - Mar 23, 2010 at 02:48 PM
Ambucias Posts 47357 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Apr 23, 2011 at 03:55 AM
Hello,
I just started getting all kinds of Vista Security - Unregistered Version messages. Pop ups say I have all kinds of viruses but Norton says I'm protected. The Vista Security panel (that is also a pop up) says I need to activate my copy and pay a fee to get full time protection. One of the files is:" trojan-clicker.win32.small.kj This looks like another scam. I cannot access the internet with the infected computer but have another computer available to download/save programs and files if needed. I would appreciate help.
Related:

4 responses

Ambucias Posts 47357 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,178
Apr 23, 2011 at 03:55 AM
Kanna,

Please follow the following procedure carefully and to the letter.

You have a rogue virus Trojan Horse which is self protective, thus it will prevent any antivirus from fonctionning.

You must kill the evil processes which the virus is presently running amd preventing you from running any antivirus. If you don't it will keep reproducing the files for ever.

To kill the processes:

1. Download to your desktop and run Rogue Kill:

https://download.bleepingcomputer.com/grinler/rkill.com

2. You should now see a window that shows all of your desktop icons, including the rkill.com program.

3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes . So, please try running Rkill until malware is no longer running.

As a matter of a fact, if you get messages, it is a sign that the virus is agonizing with excrutiating pain, so you can just grin while it is suffering!:)))

Please, DO NOT REBOOT your computer or the processes will come back to haunt you!

Download to your desktop Malwarebyte.

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

Once on your desktop, we must still outwit the virus.

Right click on the MBAM icon and click on rename. Rename it kioskea.exe.

Install Malwarebyte and launch it. From the second tab, update it.

Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.
2
Hi I have the same problem... But I have Vista... I can't kind the Security Tool process at all.... My home computer is the one with the virus, so I am on my laptop, which is also vista and even on this one I cannot find it. I went through with the anti-malware program you provided and discovered a lot of things on my computer... and deleted them but the main virus is still there... :/ Idk what to do and am seriously worried about the life of my computer. If you could help me at all, it would be very much appreciated.
1
Saycell08 Posts 2 Registration date Tuesday March 23, 2010 Status Member Last seen March 23, 2010
Mar 23, 2010 at 03:47 PM
I recently had the same problem and someone told me to download Malwarebytes Anti-Virus, the link is here https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html

I would advise you to do a FULL scan with your Norton before you go on the internet and I would put money on it that it won't pick anything up. It worked perfect for me and my ESET Smart Security quarantined it for deletion.

Don't forget to un-install it because Norton on Vista sometimes doesn't like another anti-virus and it MAY slow your computer down, but it might not be the case with yours

Hope this helps
0
Ambucias Posts 47357 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,178
Mar 23, 2010 at 04:37 PM
Hello Angry

Here is something to put you in much better mood.

It is not a Trojan klicker but a Rogue Trojan Horse and it is a scam.

You say you cannot access Internet, please first verify your Internet option tools to ensure the "Use a proxy server" is not checked, if so uncheck it.

Here comes the crunch:

Vista Security is getting to be an epidemic. Some people have lost their internet connection and all of their desktop. I understand your despair.

The evil application is self protective and will prevent running antimalware tools including Hyjackthis which is a rather simple tool.

Here are multiple suggestions for in the beginning we can try to fool this rogue Trojan.

This very efficient solution was provided by xpcman one of our moderators and security expert, so it has to work

We must first end the security tool process:

1. Download Process Explorer and save it in C:\ folder.
Download link: http://live.sysinternals.com/procexp.exe

2. Rename procexp.exe to explorer.exe and double-click to run it.
3. Select Security Tool process from the list. Should be 4946550101.exe, vista security, psecurity or similar, you can't miss it. Press "Delete" button to end the process.
4. Close Process Explorer.

Do not reboot your computer for the process will be resurrected and come back to haunt your system.


5. Re download MalwareBytes anti-malware:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

6. Rename mbam-setup.exe to explorer.exe and double-click to run it. Install, update and run MalwareBytes anti-malware. Then perform a FULL computer scan and remove all found infections.

That should do it.

7. Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.

8. Give me some feedback as to your mood temperature, please.

Regards
0
I have XP and I cannot identify the security tool process...can someone please help?
0
Ambucias Posts 47357 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,178
Apr 12, 2010 at 03:04 PM
Hello Brownie

Of course I can help you. That why I'm here.

Before you launch Malwarebyte to kill the process please run Rkill

https://download.bleepingcomputer.com/grinler/rkill.com

Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Tool when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to outwit the malware trying to protect itself so that rkill can terminate Security Tool . So, please try running Rkill until malware is no longer running.

That is sure to work, so let me know.
0
Ambucias, you're a doll. It appeared to work, but other than appearing to be free of viruses nothing works. I still can't get into my email, it won't let me go into system restore, Many things I can not go into, it appears to be empty. I have temporary folders that still can not be deleted.Can you help with these issues?
Brownie
0
Ambucias Posts 47357 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,178
Apr 21, 2010 at 04:08 AM
Hello Brownie,
I know, I know, that's what every girl tells me...

I would require a Hyjackthis log. (version 2.0.3beta)

http://free.antivirus.com/hijackthis/

Please download, install and request a scan and save a log. Copy the log and post it here.

Regards
0
Ambucias, I have the Hyjackthis log. I'm on a different computer than the one I'm having problems with so there is no pasteing here! The only way I can put it on the forum is to key it in. Before I attempt this, is there a short cut such as certain things I can leave out (in keying) or certain things to look for? I will key it in word for word if I have to but figured I'd better check first.

Thanks again
0